-rw-r--r--docs/certinstall.rst20
-rw-r--r--libmproxy/script.py1
-rw-r--r--libmproxy/version.py2
-rw-r--r--setup.py42
4 files changed, 38 insertions, 27 deletions
diff --git a/docs/certinstall.rst b/docs/certinstall.rst
index 542c6dd2..5ec7b7ce 100644
--- a/docs/certinstall.rst
+++ b/docs/certinstall.rst
@@ -90,20 +90,28 @@ Chrome on Linux
See https://code.google.com/p/chromium/wiki/LinuxCertManagement
-More on mitmproxy certificates
-------------------------------
+The mitmproxy certificate authority
+-----------------------------------
The first time **mitmproxy** or **mitmdump** is run, the mitmproxy Certificate
Authority (CA) is created in the config directory (``~/.mitmproxy`` by default).
This CA is used for on-the-fly generation of dummy certificates for each of the
SSL sites that your client visits. Since your browser won't trust the
-mitmproxy CA out of the box , you will see an SSL certificate warning every
+mitmproxy CA out of the box, you will see an SSL certificate warning every
time you visit a new SSL domain through mitmproxy. When you are testing a
single site through a browser, just accepting the bogus SSL cert manually is
not too much trouble, but there are a many circumstances where you will want to
configure your testing system or browser to trust the mitmproxy CA as a
-signing root authority. For security reasons, the mitmproxy CA is generated uniquely on the first
-start and is not shared between mitmproxy installations on different devices.
+signing root authority. For security reasons, the mitmproxy CA is generated uniquely on the first start and is not shared between mitmproxy installations on different devices.
+
+Certificate Pinning
+^^^^^^^^^^^^^^^^^^^
+
+Some applications employ `Certificate Pinning`_ to prevent man-in-the-middle attacks.
+This means that **mitmproxy** and **mitmdump's** certificates will not be
+accepted by these applications without modifying them. It is recommended to use the
+:ref:`passthrough` feature in order to prevent **mitmproxy** and **mitmdump** from intercepting
+traffic to these specific domains. If you want to intercept the pinned connections, you need to patch the application manually. For Android and (jailbroken) iOS devices, various tools exist to accomplish this.
CA and cert files
@@ -172,3 +180,5 @@ If you visit example.org, mitmproxy looks for a file named ``example.org.pem`` i
directory and uses this as the client cert. The certificate file needs to be in the PEM format and
should contain both the unencrypted private key and the certificate.
+
+.. _Certificate Pinning: http://security.stackexchange.com/questions/29988/what-is-certificate-pinning/ \ No newline at end of file
diff --git a/libmproxy/script.py b/libmproxy/script.py
index 8bfacb38..9d051c12 100644
--- a/libmproxy/script.py
+++ b/libmproxy/script.py
@@ -63,6 +63,7 @@ class Script:
"""
def __init__(self, command, master):
+ self.command = command
self.args = self.parse_command(command)
self.ctx = ScriptContext(master)
self.ns = None
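Review bot: `self.command` is added in `__init__` with no comment on why the unparsed string is kept next to `self.args`. The class docstring ends just above the hunk and is not visible here, so it is unclear whether the attribute is documented there. A one-line comment would do, e.g. `# Unparsed command string; self.args holds the result of parse_command()`. `__init__` continues past the end of the hunk.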
diff --git a/libmproxy/version.py b/libmproxy/version.py
index eb219327..5ed89732 100644
--- a/libmproxy/version.py
+++ b/libmproxy/version.py
@@ -1,6 +1,6 @@
from __future__ import (absolute_import, print_function, division)
-IVERSION = (0, 14, 0)
+IVERSION = (0, 14, 1)
VERSION = ".".join(str(i) for i in IVERSION)
MINORVERSION = ".".join(str(i) for i in IVERSION[:2])
NAME = "mitmproxy"
diff --git a/setup.py b/setup.py
index 71ebc680..e0a29eef 100644
--- a/setup.py
+++ b/setup.py
@@ -15,25 +15,25 @@ with open(os.path.join(here, 'README.rst'), encoding='utf-8') as f:
# Core dependencies
deps = {
"netlib>=%s, <%s" % (version.MINORVERSION, version.NEXT_MINORVERSION),
- "pyasn1>0.1.2",
- "tornado>=4.0.2",
- "configargparse>=0.9.3",
- "pyperclip>=1.5.8",
- "blinker>=1.3",
- "pyparsing>=1.5.2",
- "html2text>=2015.4.14",
- "construct>=2.5.2",
- "six>=1.9.0",
- "lxml>=3.3.6",
- "Pillow>=2.3.0",
+ "pyasn1~=0.1.9",
+ "tornado~=4.3.0",
+ "configargparse~=0.10.0",
+ "pyperclip~=1.5.22",
+ "blinker~=1.4",
+ "pyparsing~=2.0.5",
+ "html2text~=2015.11.4",
+ "construct~=2.5.2",
+ "six~=1.10.0",
+ "lxml~=3.4.4",
+ "Pillow~=3.0.0",
}
# A script -> additional dependencies dict.
scripts = {
"mitmproxy": {
- "urwid>=1.3",
+ "urwid~=1.3.1",
},
"mitmdump": {
- "click>=5.1",
+ "click~=5.1",
},
"mitmweb": set()
}
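Review bot: The switch from `>=` to `~=` in `deps` caps every dependency to one release series, so a security fix published only in a later minor series can no longer be installed alongside this package. That matters most for libraries that likely parse intercepted content, such as `lxml~=3.4.4` and `Pillow~=3.0.0`, and the same applies to the pins in the `example_deps`, `pydivert`/`enum34` and `contentviews` hunks below. The granularity is also uneven: `click~=5.1` and `blinker~=1.4` allow any 5.x / 1.x release, while the three-component pins allow only patch releases. `~=` is the PEP 440 compatible-release operator, which older setuptools versions presumably fail to parse, so the minimum tooling should be stated. I would add a comment above `deps` such as `# ~= pins (PEP 440): need a PEP 440-aware setuptools/pip; revisit caps when upstream ships security releases`.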
@@ -50,9 +50,9 @@ dev_deps = {
"sphinxcontrib-documentedlist>=0.2",
}
example_deps = {
- "pytz",
- "harparser",
- "beautifulsoup4",
+ "pytz~=2015.7",
+ "harparser~=0.2",
+ "beautifulsoup4~=4.4.1",
}
# Add *all* script dependencies to developer dependencies.
for script_deps in scripts.values():
@@ -61,14 +61,14 @@ for script_deps in scripts.values():
# Remove mitmproxy for Windows support.
if os.name == "nt":
del scripts["mitmproxy"]
- deps.add("pydivert>=0.0.7") # Transparent proxying on Windows
+ deps.add("pydivert~=0.0.7") # Transparent proxying on Windows
# Add dependencies for available scripts as core dependencies.
for script_deps in scripts.values():
deps.update(script_deps)
if sys.version_info < (3, 4):
- example_deps.add("enum34")
+ example_deps.add("enum34~=1.0.4")
console_scripts = ["%s = libmproxy.main:%s" % (s, s) for s in scripts.keys()]
@@ -107,9 +107,9 @@ setup(
extras_require={
'dev': list(dev_deps),
'contentviews': [
- "pyamf>=0.6.1",
- "protobuf>=2.5.0",
- "cssutils>=1.0"
+ "pyamf~=0.7.2",
+ "protobuf~=2.6.1",
+ "cssutils~=1.0.1"
],
'examples': list(example_deps)
}